For my project, I built and tested two versions of a web application—one intentionally vulnerable and one secured—to evaluate how Cross-Site Scripting (XSS) impacts application reliability, user safety, and operational risk.

What I implemented:
• Local PHP-based web stack using VS Code + PHP built-in server
• Two environments:

Vulnerable site (no input validation or encoding)

Secure site (defense-in-depth controls)
• Demonstrated both reflected and stored XSS attacks using real JavaScript payloads

Observability & Detection:
• Pattern-based input inspection to detect injections<br> • Server-side logging of suspicious payloads to xss_log.txt<br> • Browser dev tools used to verify execution vs. prevention</p>

<p>Hardening &amp; Prevention (DevOps Lens):<br> • Output encoding using htmlspecialchars()<br> • Input validation and sanitization<br> • Content Security Policy (CSP) to block inline and unauthorized scripts<br> • Layered controls to reduce blast radius even if one defense fails</p>

<p>Outcome:<br> • Vulnerable site executed malicious scripts immediately<br> • Secure site blocked execution, logged attempts, and remained stable</p>

<p>DevOps Takeaway:<br> This project reinforced how secure coding practices, observability, and policy-based controls are critical to application reliability. From a DevOps perspective, XSS isn’t just a security bug—it’s an operational risk that can impact user trust, availability, and compliance.<br> <a href=“https://youtu.be/yRzVNmUdgTQ”>https://youtu.be/yRzVNmUdgTQ</a></p>